CVERadar

CVE-2024-6390

Medium Severity

SVRS

30/100

CVSSv3

NA/10

EPSS

0.00066/1

CVE-2024-6390: Stored Cross-Site Scripting (XSS) Vulnerability in Quiz and Survey Master WordPress plugin. This vulnerability, present in versions before 9.1.0, allows high-privilege users to inject malicious scripts into Quiz settings. The insufficient sanitization and escaping of user inputs in the WordPress plugin creates a pathway for XSS attacks. While the CVSS score is 0, indicating minimal immediate impact, the SOCRadar Vulnerability Risk Score (SVRS) of 30 suggests a potential risk, especially given the possibility of exploitation by authenticated users. Successful exploitation could lead to session hijacking, defacement, or redirection to malicious sites. Website administrators should update to version 9.1.0 or later immediately to mitigate this risk. This vulnerability highlights the importance of input validation and output encoding in web applications to prevent XSS attacks, safeguarding user data and maintaining website integrity. While the SVRS score is low, promptly patching is recommended to minimize potential risks.

TAGS

No tags available

VECTOR STRING

PUBLICATION DATE2024-08-03

LAST MODIFIED2024-08-05

SOCRadar

AI Insight

Description:

CVE-2024-6390 is a Stored Cross-Site Scripting (XSS) vulnerability in the Quiz and Survey Master (QSM) WordPress plugin before version 9.1.0. This vulnerability allows high-privilege users, such as contributors, to inject malicious scripts into the plugin's settings, potentially leading to account takeover, sensitive data theft, or website defacement.

Key Insights:

SVRS Score: 50 indicates a moderate risk, highlighting the need for attention and timely remediation.
Exploit Status: Active exploits have been published, making it crucial to patch immediately.
CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, urging organizations to take immediate action.
In the Wild: The vulnerability is actively exploited by hackers, emphasizing the urgency of patching.

Mitigation Strategies:

Update the Quiz and Survey Master plugin to version 9.1.0 or later.
Implement input validation and sanitization measures to prevent malicious script injection.
Regularly scan websites for vulnerabilities and patch promptly.
Train staff on the importance of cybersecurity and the risks associated with XSS vulnerabilities.

Additional Information:

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-6390 | Quiz and Survey Master Plugin up to 9.0.x on WordPress Setting cross site scripting

vuldb.com2025-03-16

CVE-2024-6390 | Quiz and Survey Master Plugin up to 9.0.x on WordPress Setting cross site scripting | A vulnerability classified as problematic has been found in Quiz and Survey Master Plugin up to 9.0.x on WordPress. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-6390

vuldb.com

rss

forum

news

Social Media

Vulmon Vulnerability Feed

@VulmonFeeds

2024-08-03

CVE-2024-6390 Stored Cross-Site Scripting in Quiz and Survey Master Plugin The Quiz and Survey Master (QSM) WordPress plugin, before version 9.1.0, has a flaw. It does not properly sanitize and escape certain Qui... https://t.co/qjO2ofTCay

CVE

@CVEnew

2024-08-03

CVE-2024-6390 The Quiz and Survey Master (QSM) WordPress plugin before 9.1.0 does not properly sanitise and escape some of its Quizz settings, which could allow high privilege users… https://t.co/H13YIoD7cu

Affected Software

No affected software found for this CVE

References

Reference	Link
[email protected]	https://wpscan.com/vulnerability/00586687-33c7-4d84-b606-0478b1063d24/
GITHUB	https://wpscan.com/vulnerability/00586687-33c7-4d84-b606-0478b1063d24/

CWE Details

No CWE details found for this CVE

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence